Posted
by
timothyon Thursday May 01, 2014 @09:29AM
from the but-we-were-only-peeking dept.

itwbennett (1594911) writes "Google will no longer scan the email messages of students and other school staff who use its Google Apps for Education suite, exempting about 30 million users from the chronically controversial practice for Gmail advertising. In addition, Google is removing the option for Apps for Education administrators to allow ads to be shown to their users. Until now, ads were turned off by default, but admins could turn on this feature at their discretion. A Google spokesperson called the move part of a 'continued evolution of our efforts to provide the best experience for our users, including students' and not a response to a recent lawsuit alleging that by scanning Gmail messages Google violated wiretapping laws and breached users' privacy."

If you don't know that there are other email providers or that you can set up your own mail server, then the problem lies with/you/, not Google.

But that's only the beginning. If you don't want people looking at your stuff, encrypt it. Email is a postcard without any ability to put an "envelope" around it except full-on encryption. Otherwise/anyone/ in the RECEIVED: chain and Tinfoil Agencies can read it.^2

Sorry, but your argument is invalid.

--BMO

Footnotes:

1. My oldest active email address is literally in someone's basement on their LAN. For 18 years, roughly.

2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.

2. Before the idiots chime in here and say "but nobody should be looking at all!!#$!$#!@#" - not every country has the same privacy laws, and not every provider in the RECEIVED: chain has the same policies. Depending on Google to defend your privacy with plaintext messages is dumb.

It's neither idiotic, nor dumb. The way email works might be part of your specialist knowledge (and mine and most people who read slashdot). But that doesn't mean that perfectly intelligent people in other domains know how email is implemented. If you took a survey of doctors or architects or humanities professors, then probably a minority would know about the plaintext transport of email, They are not stupid people, they just know about different things. And many things that they know about you don't. But they are not calling you an idiot.

When we criticise the bad behaviour of tech companies, we do it for EVERYONE, not just for computer geeks. People without this specific field of interest don't deserve to have their lack of specialist knowledge taken advantage of any more than they deserve to be called idiots by the likes of you.

Every internet guide for "Dummies" since the dawn of time/the Internet says that email is no more than a postcard.

It's not "specialist knowledge.

Encryption for email is the rough equivalent of using https to access a web page, or WPA encryption at the router, which many "neophytes" know about already. If your mind flies away from your skull and disappears when encryption is mentioned in conjunction with email, the problem lies with your inabilit

Many schools now use Google apps for students. That includes Gmail, Drive, and productivity apps. My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students... So "use someone else" is a nice generalization but not always an option... That's why I'm happy to see this.

Teachers don't want your essays on paper, that would make it impossible (ok, very difficult) for them to use automated grading [slashdot.org] or at the very least automated plagiarism detection. Everything must be submitted digitally nowadays.

Teachers can go fuck themselves, then. Or simply use a scanner. I'm not going to be treated like a criminal by some lazy fat-ass. This simply won't fly around here anyway. Hooray for conservative Europe.

My son is required to hand his assignments in via Google Drive and use Gmail to communicate with teachers and fellow students...

I can certainly understand a university requiring gmail to communicate with teachers, but I've never heard of a university requiring students to use gmail to communicate with fellow students. Does that mean that if I become friends with someone in one of my classes I cannot use any e-mail system other than gmail if I want to make plans with them? That sounds like a huge invasion of privacy, and frankly, I'm not even sure how this rule would be enforced.

I've been involved in negotiations with a couple of contracts relating to Google Apps for Enterprise/Education.

In each one, the "scanning" has been explicitly mentioned in the contract. In each one, scanning for the purposes of advertising has only happened if the domain administrator allows it to happen. If it is turned off, Google will not scan mail for the purposes of advertising content.

There are of course other reasons why google will scan your email. Spam/Antivirus filtering and indexing to enable search functionality are two that come to mind.

Basically, all Google have done is remove the domain administrators ability to allow ads, and I'm not aware of anyone I know who used Google Apps for Education/Enterprise with it turned on anyway.

Perhaps the fact that the internet was initially conceived of as a method for educational institutions to quickly exchange communications and research data? A situation in which privacy had very limited application, and the demands of delivering it were prohibitively costly - remember, at the time individuals didn't own computers, the entire processing capacity of the MIT, Harvard, etc. computer department was considerably smaller than your smart phone possess today, and encryption is computationally expen

If true, i guess the gmail PGP they considered made it impossible to scan the emails anyway, so they might as well make a big deal out of it. First education ofcourse, it'll simplify that lawsuit and all. http://www.edwe [edweek.org]

As an email administrator, all good administrators scan email. This is done for Spam filtering as well as things like Virus protection, archiving/indexing (Freedom of Information Act). Most of it is automated and humans are almost never involved in reading email. At this Macro level, I have but only one reservation, at any point humans can become involved. This includes Gmail's scanning for advertisements.

The issue isn't the scanning, it is the abuse (potential) of humans inserting themselves into the proce

The issue isn't the scanning, it is the abuse (potential) of humans inserting themselves into the process to data mine on SPECIFIC users, without any other controls in place. I don't care about my data being aggregated, I care about my data being mined to be used against me. Given enough data, all of us are vulnerable.

Technology isn't the problem. It never was. The problem is humans, and always will be.

How much are the emails of your competitor's best salesmen worth to you? What if they were scanned to forward only those between him and his customers? What if you got alerts when a new prospect emailed? There is so much profitable data in email if only you fully monetize it! (and resell it through a Business Intelligence '3rd party' so you can claim to be the victim when caught!)

If you actually tried to comprehend my point, I covered your case. I care about data being mined being used against me (best salesman's email) aggregating data will not poach your salesman, that would take human intervention. Google isn't selling the Salesman's Email (yet) .

In loco parentis. The school picks the provider based upon whatever guidelines they are required to adhere to. Attending the school requires using the school's services, whomever provides them. It's likely that the parents don't even know the kids have a school email account, never mind who hosts the service.

Of course we all know there's incentives provided to school districts and Google of course gets more subscribers, more accounts and more hooks into the kids. I doubt 90% of the parents even know what apps or access their kids have while at school. I do because my kids have been hacking the firewalls for years so I routinely get a "your son/daughter has been violating school policy.... blah blah blah" I retort "fix your insecure shit, they're providing vulnerability testing services to you for free!"

It's likely that the parents don't even know the kids have a school email account, never mind who hosts the service.

You say that in response to me pointing out my local schools send and authorization form to parents...? I doubt there's a school anywhere that's stupid enough to give kids an email address without parental permission and signing of a waiver. All it takes is one precious snowflake unexpectedly getting porn spam and the school is in hot water. In loco parentis doesn't mean schools can do whatever they want.

Not just that, but Gmail educational accounts usually end in @Name_Of_Institution. So, even if you could make the dubious argument that the sender is responsible for knowing Gmail's terms if they want to send email to a Gmail recipient, there's no way to know that the recipient uses Gmail.

How about allowing schools to use the old HTTP for searches instead of enforcing the HTTPS. All it does is bring an added expense into the district for me to filter the SSL searches to keep kids from accessing images that they shouldn't.
By forcing all searches through SSL, filters can no longer be applied to the encrypted data without using some form of DPI-SSL. We don't host our own DNS, so adding nossl to the DNS CNAME won't work.
Thanks Google for making it more expensive to be CIPA compliant.

Bullshit, it's called getting the legal screws applied to your nuts [thinkprogress.org], not some change of heart concerning privacy by Google. They're facing multiple lawsuits and they're making concessions that they know they'll have to implement anyway. I'm hoping Judge Koh throws the book at these hypocrites.

When you enable spam filtering in Google, the spam filter "reads all your email" in exactly the same way the "invasive" practice from this lawsuit does. It just does it to serve Google and not the user. You have no privacy on the Internet unless you encrypt your traffic, and not even then if the NSA has their way. Until people get that, they should assume that people are "reading" their messages.